Admin password change does not work in Distributed Cloud deployments
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Tao Liu |
Bug Description
Brief Description
-----------------
Changes to the keystone admin user password do not work in distributed cloud deployments:
- The DC components in the system controller (dcmanager, dcorch) use the admin user to authenticate with services in the subcloud (e.g. sysinv, patching).
- After the admin password is updated in the system controller, all REST API requests to the subclouds fail because the admin password in the subclouds does not match. The dcmanager/dcorch are not able to get a token from the subcloud keystone.
- This prevents the dcorch from syncing the new admin user password to the subcloud. It also prevents dcmanager from auditing the subclouds, causing the subclouds to all go offline.
Severity
--------
Major: admin password changes are not supported in DC deployments
Steps to Reproduce
------------------
Install a DC system and attempt to change the admin password.
Expected Behavior
------------------
The admin password can be changed.
Actual Behavior
----------------
After the admin password is changed, all subclouds will go offline.
Reproducibility
---------------
Reproducible
System Configuration
-------
Distributed Cloud
Branch/Pull Time/Commit
-------
stx.3.0 release and later
Last Pass
---------
never
Timestamp/Logs
--------------
N/A
Test Activity
-------------
Evaluation
Workaround
----------
Change the admin password back to the original value
Changed in starlingx: | |
assignee: | nobody → Tao Liu (tliu88) |
tags: | added: stx.distcloud |
tags: | added: stx.retestneeded |
tags: | removed: stx.retestneeded |
Fix proposed to branch: master /review. opendev. org/735994
Review: https:/